Traq is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with admin privileges. Failed exploit attempts will result in a denial-of- service condition. Traq versions prior to 2.3.1 are vulnerable.

Vendor updates are available. Please see the references for details.

• http://sourceforge.net/projects/qatraq/
• http://www.securityfocus.com/bid/50961

---

Updated on 2015-03-25